Package: node-ejs / 2.5.7-3+deb11u1

Metadata

Package Version Patches format
node-ejs 2.5.7-3+deb11u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
fix test for lru cache 5.diff | (download)

test/ejs.js | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 fix test for lru-cache  5
fix for mocha 8.patch | (download)

test/ejs.js | 272 132 + 140 - 0 !
1 file changed, 132 insertions(+), 140 deletions(-)

 fix test for mocha  8
CVE 2022 29078.patch | (download)

lib/ejs.js | 22 13 + 9 - 0 !
lib/utils.js | 34 32 + 2 - 0 !
test/ejs.js | 12 12 + 0 - 0 !
3 files changed, 57 insertions(+), 11 deletions(-)

 sanitize localsname option and fix prototype pollution
 This patch fixes CVE-2022-29078 but I also apply prototype pollution fixes,
 even if there are no CVE associated with it